Does Webhook Helper have any unpatched vulnerabilities?

No. All known vulnerabilities in Webhook Helper have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Webhook Helper compatible with WordPress 6.8.5?

According to WordPress.org data, Webhook Helper 1.7.5 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Webhook Helper compatible with PHP 5.6+?

Webhook Helper requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Webhook Helper updated?

Webhook Helper was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is Webhook Helper's security score?

Webhook Helper has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Webhook Helper Security & Risk Analysis

wordpress.org/plugins/api2cart-webhook-helper

Enhance Your WooCommerce Integration with Extended Webhook Support

40 active installs v1.7.5 PHP 5.6+ WP 4.1+ Updated Mar 5, 2026

api2cartwoocommerce-integrationwoocommerce-pluginwoocommerce-shopping-cart-updateswoocommerce-webhooks

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Webhook Helper Safe to Use in 2026?

Generally Safe

Score 100/100

Webhook Helper has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The plugin "api2cart-webhook-helper" v1.7.5 exhibits a generally good security posture based on the provided static analysis. The absence of any detected CVEs and a complete lack of vulnerability history suggest a mature and stable codebase. Furthermore, the plugin demonstrates strong practices by properly escaping all output and avoiding external HTTP requests, file operations, and bundled libraries. The analysis also shows no critical or high-severity taint flows, indicating that user-supplied data is likely handled safely. The use of prepared statements for 71% of SQL queries is also a positive sign. However, a significant concern is the presence of the `unserialize` function without any visible nonce or capability checks at the entry points. While the static analysis reports zero entry points, the `unserialize` function itself can be a vector for remote code execution if it processes untrusted data, especially in contexts where WordPress's internal data might be unserialized. This makes the plugin susceptible to potential deserialization vulnerabilities if certain internal WordPress mechanisms or external data sources interact with this function in an insecure manner.

Key Concerns

Dangerous function 'unserialize' found
No nonce checks detected
No capability checks detected

Vulnerabilities

None known

Webhook Helper Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Webhook Helper Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$cartData = unserialize( $userMeta[$this->get_cart_meta_key_slug()][0] );includes\class-a2c-webhook-helper-rest-api-controller.php:157

unserialize$cartData = unserialize( $userMeta[$this->get_cart_meta_key_slug()][0] );includes\class-a2c-webhook-helper-rest-api-controller.php:207

unserializeupdate_user_meta( $userData->data->ID, $this->get_cart_meta_key_slug(), unserialize( $cartData, arraincludes\class-a2c-webhook-helper-rest-api-controller.php:267

unserializeupdate_user_meta( $userData->ID, $this->get_cart_meta_key_slug(), unserialize( $cartData, array('allincludes\class-a2c-webhook-helper-rest-api-controller.php:302

unserialize$res = unserialize($sessionData, array( 'allowed_classes' => array( 'stdClass' ) ) );includes\class-a2c-webhook-helper-rest-api-controller.php:342

unserialize$cartData = unserialize( $item->meta_value, array('allowed_classes' => array( 'stdClass') ) );includes\class-a2c-webhook-helper-rest-api-controller.php:476

SQL Query Safety

71% prepared7 total queries

Output Escaping

100% escaped1 total outputs

Attack Surface

Webhook Helper Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 28

actionadmin_noticesa2c-webhook-helper.php:64

actionrest_api_inita2c-webhook-helper.php:65

actionplugins_loadeda2c-webhook-helper.php:66

actionwoocommerce_checkout_create_orderapp\WH_Helper.php:45

actionwoocommerce_webhook_payloadapp\WH_Helper.php:46

actionwoocommerce_webhook_topic_hooksapp\WH_Helper.php:47

actionwoocommerce_update_cart_action_cart_updatedapp\WH_Helper.php:49

actionwoocommerce_cart_item_restoredapp\WH_Helper.php:50

actionwoocommerce_cart_item_removedapp\WH_Helper.php:51

actionwoocommerce_add_to_cartapp\WH_Helper.php:52

actionwoocommerce_valid_webhook_resourcesapp\WH_Helper.php:54

actionwoocommerce_webhook_topicsapp\WH_Helper.php:55

actionupdate_user_metaapp\WH_Helper.php:56

actionupdated_user_metaapp\WH_Helper.php:57

actionwoocommerce_before_order_object_saveapp\WH_Helper.php:59

actionwoocommerce_after_order_object_saveapp\WH_Helper.php:60

actionvi_woo_orders_tracking_single_edit_tracking_changeapp\WH_Helper.php:61

actionbridge_tracking_changeapp\WH_Helper.php:62

actionadd_post_metaapp\WH_Helper.php:64

actionupdate_post_metaapp\WH_Helper.php:65

actionupdated_post_metaapp\WH_Helper.php:66

actiondelete_post_metaapp\WH_Helper.php:67

actionwoocommerce_new_product_variationapp\WH_Helper.php:69

actionwoocommerce_update_product_variationapp\WH_Helper.php:70

actionwoocommerce_before_delete_product_variationapp\WH_Helper.php:71

actioncreate_product_catapp\WH_Helper.php:73

actionedited_product_catapp\WH_Helper.php:74

actiondelete_term_taxonomyapp\WH_Helper.php:75

Maintenance & Trust

Webhook Helper Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMar 5, 2026

PHP min version5.6

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

Webhook Helper Alternatives

Connector Woo Odoo By Tech-Receptives

connector-woo-odoo

This plugin extends WooCommerce Web Services by adding some additional endpoints.

300 No CVEs

CedCommerce Connector for TikTok Shop

cedcommerce-connector-for-tiktok-shop

100

This plugin enables seamless integration with TikTok Shop, providing advanced features like managing products listing and order synchronization.

200 No CVEs

Integration for HubSpot and WooCommerce

wp-hubspot-woocommerce

100

HubSpot WooCommerce Plugin allows you to quickly integrate WooCommerce Orders with HubSpot.

100 1 CVE

API2Cart Live Shipping 4 Woocommerce

api2cart-live-shipping-4-woocommerce

100

This plugin allows to use of real-time shipping rates provided by third-party shipping services.

30 No CVEs

CedCommerce Integration for AliExpress

cedcommerce-integration-for-aliexpress

100

This plugin enables seamless integration with Aliexpress, providing advanced features like managing products listing and order synchronization.

0 No CVEs

Developer Profile

Webhook Helper Developer Profile

Developer

3 plugins · 120 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

452 days

View full developer profile

Detection Fingerprints

How We Detect Webhook Helper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

data-id

JS Globals

window.a2c_webhook_helper_rest_api_controller

REST Endpoints

/wc-a2c/v1/basket/(?P<id>[A-Fa-f0-9]{0,32})/wc-a2c/v1/customer/(?P<id>[0-9]{0,32})/basket/wc-a2c/v1/customer/(?P<id>[0-9]{0,32})/session/wc-a2c/v1/abandoned-order

FAQ